Case:
UB2.C7 - Manage Device Logs
– UB2.C7.K1 - Clean/Remove Device Logs
Protection:
UB2.C7.K1.P1
– Restrict access to Device Logs
– Audit access to Device Logs
– Backup Device Logs
Threat:
UB2.C7.K1.T1
– Loss of non-repudiation evidence
– Lack of visibility over malicious activities
– Regulatory Non-Compliance
KQL Query:
Detect Windows Security Log removal
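An added example of such a detection query for Microsoft Sentinel / Log Analytics (it is not a query from this catalogue). It assumes the SecurityEvent table is populated by the Windows Security Events connector and relies on Windows Event ID 1102, which Windows records when the Security log is cleared:

```kql
// Added example, not the catalogue's own query.
// Assumes SecurityEvent is fed by the Windows Security Events connector.
// Event ID 1102 = "The audit log was cleared" (Security log).
SecurityEvent
| where EventID == 1102
// Build "DOMAIN\user" for the account that cleared the log; fall back to
// the generic Account column if the subject fields are empty.
| extend ClearedBy = iff(isnotempty(SubjectUserName),
                         strcat(SubjectDomainName, @"\", SubjectUserName),
                         Account)
| project TimeGenerated, Computer, Activity, ClearedBy, SubjectLogonId, EventData
| order by TimeGenerated desc
```

Because the clearing event itself is the first entry written to the new, empty log, forwarding it to a central workspace (UB2.C7.K1.P1, backup of device logs) is what keeps this evidence available after the fact.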